If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

UAC elevation of process

I want to write a simple dialog. When I press the button, it will first elevate and then perform some security sensitive tasks.

The way I have seen to elevate is to call ShellExecuteEx. However, I need to fill SHELLEXECUTEINFO::lpFile, so that it starts another application instead of elevate the process I am running. If it has to start a new process, that means I have to create another executable which is specific for performing those security sensitive tasks. I don't want to manage one more executable.

I am not familiar with UAC mechanism. Is it possible to elevate current process?

In Chinese Proverb, "Teaching the poor fishing is better than giving fish to them".

Re: UAC elevation of process

Originally Posted by OReubens

You cannot elevate a running process.

Process elevation happens at the moment a process is started, and you can neither raise it or lower it afterwards.

Can somebody confirm this? It sounds quite unlikely to me that it should not be possible, as I can easily impersonate an (other) admin-account during process execution, so I suppose it should also be possible to "impersonate" myself evaluated (replace ProcessLevelToken or something)?

Re: UAC elevation of process

The whole point of elevation is that any and all means to get an elevated process you must go via the UAC elevation dialog. If there was a way to work around the UAC dialog, then any virus or malicious program would be able to do so and this would pretty much nullify the whole point of UAC in the first place.

If you need to do security sensitive stuff, then there are a number of ways to achieve that.
1) Start a separate security exe with elevation that has the dialogs for this.
2) Have your exe start itself again with elevation and add a parameter on the commandline to indicate this. You can then either just show the elevated dialog, or leave the entire exe elevated and let the other exe die.
3) Stuff the dialog in a COM object and launch this COM object as elevated.
4) Install a service. Your exe can then communicate with this service to have the service make the actual changes. This is considered UAC-safe since instaling the service would have needed elevation. If you are going this route, you should somehow secure communications with your service. If your program ends up being very popular, it may end up being a backdoor for malicious software.

If you impersonate an admin login. You will get a standard token, not an administrative/elevated token.

* The Perfect Platform for Game Developers: Android
Developing rich, high performance Android games from the ground up is a daunting task. Intel has provided Android developers with a number of tools that can be leveraged by Android game developers.

* The Best Reasons to Target Windows 8
Learn some of the best reasons why you should seriously consider bringing your Android mobile development expertise to bear on the Windows 8 platform.